Show TOC

Synchronization of SAP User Administration with an LDAP-Compatible Directory ServiceLocate this document in the navigation structure


Increasing numbers of customers are using LDAP-compatible directories to administer objects (such as users) centrally. This means that data (in part, redundantly stored) from different data administrations in one system landscape can be kept consistent. The synchronization function of the SAP system has the advantage that the LDAP-compatible directory schema is not prescribed by the SAP system. The synchronization process is, in fact, adjusted to the corresponding vendor-dependent directory schema using Customizing settings.

If several systems are synchronized with the directory service, a data flow from and to external systems is also possible. Predefined SAP data fields can therefore be filled with data from other systems (for example, an employee's personnel number can be copied from the HR system).

Every SAP system synchronizes its own database with the directory service in accordance with the Customizing settings. The communication is performed using the standard protocol LDAP. Other systems can also profit from the directory and synchronize their data with it or access it as a primary data source.

Example Scenario of a System Landscape


1: An HR system has created a user name for a new employee in its own database. It exports this name to the directory.

2: The SAP EP retrieves the user names from the directory and synchronizes it with its database. The SAP EP then assigns the users one or more roles.